diff --git a/middleware/accounts.go b/middleware/accounts.go index 212d232..ffdce8c 100644 --- a/middleware/accounts.go +++ b/middleware/accounts.go @@ -259,7 +259,7 @@ var Refresh = func(w http.ResponseWriter, r *http.Request) { func ValidateToken(w http.ResponseWriter, r *http.Request) (*TokenDetails, error) { var pwd string urltomatch := r.URL.String() - if urltomatch == "/api/user/refresh" { + if strings.Contains(urltomatch, "/api/user/refresh") { pwd = "refresh_token_password" } else { pwd = "access_token_password" @@ -274,7 +274,6 @@ func ValidateToken(w http.ResponseWriter, r *http.Request) (*TokenDetails, error w.WriteHeader(http.StatusForbidden) w.Header().Add("Content-Type", "application/json") respond(w, response) - return tk, errors.New("Missing auth token") } splitted := strings.Split(bearToken, " ") //The token normally comes in format `Bearer {token-body}`, we check if the retrieved token matched this requirement